GMC Camelot Risk Analysis [EXTERNAL]

# Camelot GMC Risk Analysis Process LlamaRisk is the Risk Member of Arbitrum DAO's Growth Management Committee. As part of its responsibilities, it has prepared a risk assessment on Camelot Exchange. Arbitrum DAO is looking to deploy an amount (±800 ETH) to Camelot's [wstETH/ETH pair.](https://info.camelot.exchange/pair/arbitrum-one/v3/0xdeb89de4bb6ecf5bfed581eb049308b52d9b2da7) LlamaRisk has identified various risks, the most pertinent of which is liquidity concentration risk. Other risks include smart contract risk and to a much lesser extent access control risk. These risks are considered worth running due to the outsized benefits to the Arbitrum ecosystem and the relatively lower (±10%) allocation of ETH to this trading venue. This mitigates the downside potential of these (low-likelihood) risks. LlamaRisk is currently engaged in mitigation techniques for these risks. Given that comprehensive Arbitrum DAO-specific risk analyses have already been conducted on [wstETH](https://hackmd.io/@HghwlyBWR5GMvOCspxmZIA/B1GCfSI9Jl) and [ETH](https://hackmd.io/@HghwlyBWR5GMvOCspxmZIA/HyporrUc1e), this analysis will focus exclusively on Camelot Exchange V3. # Strategy Risk: Deposit wstETH/ETH to Camelot V3 Camelot Exchange recommends Arbitrum DAO pair wstETH with ETH and allocate the LP token to its V3 wstETH/ETH pool. ## 1. Strategy Design Risk ### 1.1 Design Risk This strategy involves pairing WETH with wstETH and depositing it into Camelot's V3 [WETH/wstETH pool](https://arbiscan.io/address/0xdeb89de4bb6ecf5bfed581eb049308b52d9b2da7#writeContract). This strategy is simple and does not involve leverage. Principal is not necessarily protected due to impermanent loss, but the size of the divergence between tokens is likely very limited given both are ETH-linked. The strategy may be unwound programmatically and does not require counterparty input. DAO LP tokens, however imbalanced they may be, may be withdrawn at any time. #### 1.2 Strategy Mechanics This strategy's mechanics rely on [Algebra Finance's V1.9](https://docs.algebra.finance/algebra-integral-documentation/algebra-v1-technical-reference/contracts/api-reference-v1.9-directional-fees) swap equation, as well as [Uniswap V3's](https://docs.uniswap.org/concepts/protocol/concentrated-liquidity) swap equation. This implementation is well tested, with $50B+ being traded through the exchange. No additional protocols are introduced, meaning incremental risk is low to the DAO. No cross-chain mechanics are introduced. #### 1.3 Economic Incentive Structure xGRAIL incentives are directed at this pool. Fees will also be generated by those swapping in the pool. This makes the yield source both emission and fee-based. This is therefore somewhat sustainable as revenue is driven by usage. By depositing to a pool with lower liquidity, Arbitrum DAO will dilute the yield of those already in this pool by a significant amount. The deeper liquidity should lead to more efficient and higher volume trading, resulting in higher fees being generated nonetheless. #### 1.4 External Protocol Dependency Risk No additional external protocols are used, meaning this presents no incremental risk. ## 2. Market Risk ### 2.1 Market Volatility Exposure Market volatility risk is low. ![image](https://hackmd.io/_uploads/BJuf1p-h1l.png) *Source: 3Y Backtested Impermanent Loss Calculations on WETH/wstETH, LlamaRisk via [DailyDeFi](https://dailydefi.org/tools/impermanent-loss-calculator/)* There is an extremely limited chance that this pool deviates from meaningful deviation from ETH price. As demonstrated above, wstETH and ETH have had very limited impermanent loss over their lifetimes and incentives, trading fees and staking revenue would more than make up for this 0.5% loss. wstETH/ETH have maintained a reliable, continuously increasing peg as demonstrated in the [wstETH risk analysis](https://hackmd.io/@HghwlyBWR5GMvOCspxmZIA/B1GCfSI9Jl). There have been no sustained depegs since withdrawals were activated despite multiple significant volatility events. ### 2.2 Liquidity Risk Liquidity risk is significant. Arbitrum DAO will be depositing ±800 ETH or $1.8M into a pool with $970K TVL. This will make the Arbitrum DAO the major liquidity provider to this pool at roughly ±67% of all supplied liquidity. This presents two key risks to Arbitrum DAO: - **Concentration Risk:** Holding a large share of a liquidity pool can expose the DAO to greater risk if the pool's assets lose value. Other, faster LPs would likely exit their positions far sooner than the DAO, potentially leaving the DAO with an imbalanced LP token. This may result in potentially catastrophic and disproportionate principal loss. - **Exit Liquidity Risk:** When trying to withdraw liquidity, the DAO might face challenges after unwrapping the LP token to access the entirety of its initial deposit as each asset's liquidity has been reduced by the DAO's exit from the pool. These risks are somewhat mitigated by the highly reputable nature of the assets being paired and their rich liquidity elsewhere. Given that these assets are highly resilient, if the pool was imbalanced significantly then arbitrageurs would rebalance the pool. Thanks to the highly liquid nature of underlying assets, exit liquidity has been historically available on DEXs for this trade size on Arbitrum. The DAO may even unstake the wstETH for underlying ETH pending some delay. ### 2.3 Systemic Risk This strategy does not use leverage and is like-pair denominated. It is not subject to systemic risk. ## 3. Operational Risk ### 3.1 Strategy Smart Contract Risk Smart contract risk is worth noting. Camelot V3 has been [explicitly audited by Paladin](https://docs.camelot.exchange/references/audits). The first audit was done [in November 2022](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2FwfkVFmkAgXKcpo96K7IJ%2F20221114_Paladin_CamelotNitro%26Presale_Final_Report.pdf?alt=media&token=33d746b1-823e-46e2-8276-c305ecc2fee3) and found 1 high, 2 medium and 8 low severity issues. The second audit, in [October of 2022](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2FSzx37uGO83VG3MV0KyCg%2F20221030_Paladin_Camelot_Final_Report.pdf?alt=media&token=4221e0bd-07e0-4a64-a557-2e301955af6f), found 5 high, 7 medium and 17 low severity issues. The smart contracts used are developed by Algebra, which [was audited multiple times](https://docs.camelot.exchange/references/audits): - [Hacken](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2F2lquPcvwV0r1boccpN2w%2FHacken_Algebra_Audit.pdf?alt=media&token=0a7a6bcc-6d10-4128-afa8-b7f27a95b753) found 1 medium and 2 low severity issues in December 2021. - [ABDK found](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2FYr7aiTrqPNgo6CdCp9Sh%2FABDK_Algebra_v_1_0.pdf?alt=media&token=da5ab26e-94bd-4687-a3d4-29b1e3d851d5) 3 critical, 7 major, 8 moderate and 211 minor issues in July 2022. - [Hexens](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2FsuWKjno4cdY0AXwqErn9%2FHexens_Algebra_04_08_final.pdf?alt=media&token=86326e1e-6e0a-49b3-a366-3de0f0d85631) found 3 medium and 3 low severity issues in August 2022. - [PaladinSec found](https://3420642431-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHBFQDThxW7Uo7iHfOHG5%2Fuploads%2FKvBV7EwagpEXM615i7Bm%2F20230614_Paladin_AlgebraProtocolTickSpacingUpgrade_Final_Report.pdf?alt=media&token=0a0b41a7-817f-4aa8-b5c0-6e49bbee1cd3) 3 low and 1 informational severity issues in June 2023 in Algebra's tick spacing upgrade. No bug bounty is documented. This is potentially cause for concern, given in both Algebra's and Camelot's implementation many issues were found by auditors. ### 3.2 Oracle Reliability This strategy does not rely on external oracles but instead pool math. Oracles do not present risk here. ### 3.3 Automation Risk This strategy presents no automation risk as it relies on no automated counterparties. ### 3.4 Mitigation Techniques LlamaRisk will develop monitoring for the DAO's pool concentration and will request the DAO exit the position should the pool reach 90%. LlamaRisk will explore using Hypernative to facilitate this task in an automated manner. LlamaRisk also has engaged Camelot to introduce a bug bounty on the protocol to encourage responsible disclosure. ## 4. Counterparty Risk ### 4.1 Ownership Model Risk This strategy presents limited ownership risk. The owner of this pair ([0xbA6A06f8517e271DB44540e68BA46BEB4Bc6155d](https://arbiscan.io/address/0xbA6A06f8517e271DB44540e68BA46BEB4Bc6155d)) is a GnosisSafe with 2/3 signers: - [0x56140b52879D5b6D03449B912193c7b18210A7af](https://arbiscan.io/address/0x56140b52879D5b6D03449B912193c7b18210A7af) - [0x01E5d631ba707a029C8A1555bDAc4805d7853E21](https://arbiscan.io/address/0x01E5d631ba707a029C8A1555bDAc4805d7853E21) - [0xd8dc994FE2b075c697e5051c89b713Bf15fa9294](https://arbiscan.io/address/0xd8dc994FE2b075c697e5051c89b713Bf15fa9294) This owner is allowed to: - Transfer contract ownership - Set a farming address - Configure the default community fee - Update the vault address - Modify base fee configuration Of these, transferring contract ownership is the most significant - though the new owner will still only be able to modify the above parameters. Access control risk / counterparty risk is therefore low.